EJBCA Cloud Azure
A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificates and of Certificate (CA), Registration (RA) and Validation (VA) Authorities, enabling multiple use cases and standards compliance.
Highlights
Multiple CAs and levels of CAs: build a complete PKI (or several) within one instance of EJBCA.
Unlimited number of Root CAs and SubCAs.
Request cross certificates and bridge certificates from other CAs and Bridge CAs.
Issue cross certificates to other CAs.
Supports all common PKI architectures, as well as many uncommon ones.
EJBCA supports SCEP, CMP, EST, ACME, OCSP, REST APIs and others.
Multiple instances of EJBCA can be used for a distributed deployment, either horizontally at the CA layer or for external RA and VA support.
Overview
EJBCA Cloud is a pre-packaged, wizard-driven deployment of EJBCA available through major cloud marketplaces. It provides a streamlined way to install EJBCA into cloud provider environments, supporting integration with external infrastructure components such as relational databases and hardware security modules (HSMs). Once deployed, the images can be further customized by administrators to meet organizational requirements.
Because every organization has its own security posture and compliance needs, EJBCA Cloud does not attempt to enforce a one-size-fits-all “locked-down” configuration beyond application-level security and the hardened defaults included in the distribution. For example, EJBCA Cloud ships with a hardened Apache HTTP Server configuration, exposing only ports 80 and 443 externally. Internally, Apache communicates with the WildFly application server over the AJP connector on port 8009. Administrators are encouraged to apply additional hardening and security controls in accordance with their organization’s information security and compliance policies.
Additional Hardening Features
EJBCA includes many optional features that can be enabled to further strengthen security but are not turned on by default in the EJBCA Cloud images. These include:
Database integrity protection – ensures that database contents have not been tampered with.
External log signing – provides cryptographic proof that audit logs have not been altered.
Database transaction logging – enhances traceability and forensic analysis in the event of issues.
These and other advanced features can be configured by administrators to meet compliance requirements such as FIPS, Common Criteria, or industry-specific standards. For detailed guidance on these features and recommendations on which options best align with your organization’s security and compliance objectives, please refer to the EJBCA Security Guide.
Guides
The following guides provide relevant information to get your instance of EJBCA Cloud on Azure running and to get you started with the EJBCA software.
The guides include product documentation for the latest EJBCA Cloud Azure version. For documentation for previous versions, click EJBCA Cloud Versions in the header.
Launch Guide
Deploy EJBCA Cloud from Azure and log in to the EJBCA Admin Web for the first time.
EJBCA Enterprise Quick Start Guide
Guide for users unfamiliar with EJBCA. Walks you through a configuration to get you going quickly and covers both the configuration of Certificate Authorities (CAs) and the required profiles within EJBCA.
Backup Guide
Shows an administrator of an EJBCA Cloud instance how to create a backup in Azure.
Restore and Upgrade Guide
Shows an administrator of an EJBCA Cloud instance how to upgrade a node from one version of EJBCA to another.
TLS Certificate Generation Guide
Shows an administrator of an EJBCA Cloud instance how to generate new Transport Layer Security (TLS) certificates.
RA Configuration and Administration Guide
Assists an EJBCA Cloud administrator with EJBCA CA to RA configuration and administration tasks related to RA management.
VA Configuration and Administration Guide
Assists an EJBCA Cloud Azure administrator with EJBCA CA to VA configuration and administration tasks related to VA management.
Cluster Configuration Guide
Assists an EJBCA Cloud Azure administrator with EJBCA Galera cluster configuration.
Key Vault Integration Guide
Assists users integrating EJBCA Cloud with Microsoft Azure Key Vault.
How to Create Support Package
Shows an administrator of an EJBCA Cloud Azure instance how to create a support package to upload to a ticket on the Keyfactor Support Portal.